I think I understand the nature of your situation. You've got two calls to make - one with a URL encoded parameter, and one with a header token. The second, using a token retrieved from the first.
To achieve this in playbooks will be easy enough, you'll just need to have two different nodes, each executing the REST API function. The first will execute the request to retrieve the token for the second. The output of the first is defined by the output name given to the function node. You can then retrieve those results in the input script for the second call.
Let me know if you'd like me to give you more detailed response on this with your example code.
Original Message:
Sent: Tue May 07, 2024 11:51 AM
From: Raymond Tam
Subject: REST API Function - Get the token and use the token to make an API call.
I am using the token value I got from the "https://myserver/api/login" contains the Bearer token.
Then I pass the token value in the header to make make another API call "https://myserver/api/hosts/ip/10.0.0.1"
I hope I didn't misunderstand the question.
To simply my question. I am looking for a script that will work in QRadar SOAR environment.
I need to using API to login and obtain a bearer token. Then use the token to make a API call.
------------------------------
Raymond Tam
Original Message:
Sent: Fri May 03, 2024 07:55 AM
From: Calvin Wynne
Subject: REST API Function - Get the token and use the token to make an API call.
Hey Ray,
Thanks for reaching out!
Quick question, how exactly do you pass your credentials in the python script ? Do you pass it as query_parameters (encoded within the url) or in your request header?
Warm regards,
------------------------------
Calvin Wynne
Original Message:
Sent: Thu May 02, 2024 06:24 PM
From: Raymond Tam
Subject: REST API Function - Get the token and use the token to make an API call.
I am looking for assistance to use the REST API Function app to get the token and use the token to make an API.
I am able to get it to work in a python script, but I need help to make it work with the REST API Function App.
I got stuck on how to pass the token value to the API get request.
The python script below does both the get token and use the token to make an API get request. I think this help give you a good idea what I am trying to accomplish.
I also included the incomplete script from the REST API Function which I need help.
***Start of REST API Call function.***
***This script only has the get token portion since I don't know how to pass the token value to the API call
import json
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
params = {
'username': 'my_username',
'password': 'my_secret'
}
inputs.rest_api_method = 'POST'
inputs.rest_api_headers = json.dumps(headers)
inputs.rest_api_url = 'https://myserver/api/login'
inputs.rest_api_verify = False
inputs.rest_api_query_parameters = json.dumps(params)
***End of REST API CAll function script***
***Beginning of the Python script****
import requests
url = 'https://myserver/api/login'
params = {
'username': 'my_username',
'password': 'my_secret'
}
response = requests.post(url, params=params)
# Check if the request was successful
if response.status_code == 200:
token = response.text
headers = {
'Authorization': token,
'Content-Type': 'application/x-www-form-urlencoded'
}
host_url = 'https://myserver/api/hosts/ip/10.0.0.1'
host_response = requests.get(host_url, headers=headers)
print(host_response.text)
***End of the python script****
------------------------------
Ray Tam
------------------------------